Report: There’s A New Chinese Hacker Army Attacking The US

A report by security company CrowdStrike claims that a new Shanghai-based cyberattack unit, with links to the People’s Liberation Army in China, has been hacking the US. The group — codenamed “Putter Panda” because it often preys on golf-playing conference attendees — is believed to have been in existence since 2007.

Over the past seven years, it’s claimed the group has attacked American, European, and Japanese companies involved with the aerospace, satellite and communication industries. The hackers have also apparently gathered information on government sectors in the US, according to the report.

Formally known as Unit 61486, the 12th Bureau of the PLA’s 3rd General Staff Department, it’s the second group to be linked to cyber espionage. The first, 61398, contains five military officers listed as Wanted by the FBI. But CrowdStrike reckons that is “the tip of a very large iceberg”:

Those reading the indictment should not conclude that the People’s Republic of China (PRC) hacking campaign is limited to five soldiers in one military unit, or that they solely target the United States government and corporations. Rather, China’s decade-long economic espionage campaign is massive and unrelenting. Through widespread espionage campaigns, Chinese threat actors are targeting companies and governments in every part of the globe.

Putter Panda apparently operates by sending innocent-seeming emails with job postings, PDF invitations to conferences, and, weirdly, yoga studio brochures to encourage users to download malware. CrowdStrike claims it may have cooperated or shared resources with Unit 61398 to do so. There’s also evidence that a 35-year-old male named Chen Ping is involved with the newly named unit.

Tensions still run high between the two countries: China can’t stop hacking the US, the US insists on fighting back, and there seem to be no signs of the situation changing any time soon. Doubtless this new report by CrowdStrike will do little to soothe matters. [CrowdStrike via Re/code]